Bogus Antivirus and Security

Discussion in 'other anti-malware software' started by WilliamP, Dec 6, 2011.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Is there an Antivirus or other program that can recognize and stop one of these in their tracks? I know that the operator has to click on it to get it started. I was just wondering if there is a program that would act as a fail-safe to protect the system?
     
  2. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    Well,

    With standalone anti-viruses that rely only on virus-signature updates, I think it's very unlikely for those AVs to detect bogus [fake] AVs because fake AVs morph constantly and whatever might be caught right now might be missed in the next hour.

    Your best bet is using HIPS and/or sandboxing your browsers and Internet-facing applications [media players, PDF readers, instant messengers, etc.].

    Also, keep the most vulnerable applications [I mean the ones vulnerable to exploits] updated to the most recent versions; this includes [but is not limited to] Adobe Flash Player, Adobe Shockwave Player, Adobe Acrobat Reader, and Java SE Runtime Environment. Also keep Windows and Office [if you run MS Office] fully patched by checking Windows Update manually or setting up your PC to download those patches automatically. Furthermore, whenever possible, run your computer as a Restricted User [also known here as a Limited User] to minimize the damage that a fake AV infection may cause.

    You may want to install Secunia PSI software Inspector so it checks your system for unpatched applications and alerts you.


    Hope this helps.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    No such dedicated App exists, be nice if it did :D

    Further to Zyrtec's suggestions, mine would be to include an AntiExe App. E.g., I use Processguard :thumb:
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    or add Mbam Pro;)
     
  5. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    Excellent suggestion Jmonge ! :thumb:
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I suppose heuristics are supposed to catch these. Not super reliable. AVs with the signatures will catch them.

    If they don't do a lot of suspicious stuff and just tell you to buy the product, there isn't much any product can do without explicitly blacklisting it.

    Thankfully most of them do suspicious stuff.
     
  7. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I use Sandboxie. Of course I know better than to click on any of those. It is my daughter's kids that manage to get infected.
     
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    Not always, and sometimes the virus analysts won't add detection because there is no malicious code within the rogue program. They are getting better at adding these now though than a couple of years ago.
     
  9. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    You sure about that?


    What about “Cloud Security 2012” fake AV?



    ---http://www.bleepingcomputer.com/virus-removal/remove-cloud-av-2012---




    and this one: “System Fix” fake HDD fixer



    ---http://www.bleepingcomputer.com/virus-removal/remove-system-fix---



    Not all Rogues [fake AVs] are just benign programs designed with the sole purpose of annoying the PC user.


    Thanks
     
  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    HIPS would stop them right in their tracks. :D
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If they have a signature for it, it will catch it - that's how it works.
     
  12. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    This is why I said sometimes. ;) I am aware there are rogue programs that do exhibit trojan or other malware-like behaviours. However, there are fake/rogue programs out there whose only purpose is to misinform the user and hopefully extract payment to fix non-existent errors. With some of these that I submitted to the likes of KL I was always told there is no malicious code within the program itself and so would not be added to their definitions. As I said, they have got better at adding these "fraud.tools" to their signature bases.
     
    Last edited: Dec 7, 2011